Think & Built Bigger Faster Better

The security of Internet of Things (IoT) devices is becoming increasingly important across a variety of sectors, with an estimated 43 billion IoT devices predicted to be in use globally in 2023. We rely on the data generated and exchanged by IoT devices to be accurate and trustworthy. 

This malware searched for Internet of Things (IoT) devices using the Linux ARC operating system, then attacked and infected them using their default login credentials. This made it possible for massive numbers of IoT devices to be exploited in coordinated distributed denial of service (DDoS) assaults, which brought down large portions of the internet.

The Medtronic Insulin Pump Vulnerability is another illustration. In 2019, it was discovered that some Medtronic MiniMed insulin pumps have Wi-Fi connectivity flaws that might allow an unauthorized individual to take control of the pump and cause possibly fatal results.

IoT devices typically run on more compact platforms with physical restrictions on their size, weight, and power. They can’t operate complex authentication and cryptographic solutions because they have a lesser processing capacity. The installation of many of our current IoT devices results in inadequate architecture and configuration, which frequently renders security measures inoperative. The potential for effect increases significantly when you incorporate these smart devices into a network that already includes much older and simpler devices.

Many organizations are working hard to implement the fundamentals of security and are aware that they have a problem. It can be difficult to convince firms to make longer-term investments in IoT security, though.

Governments have already invested billions in addressing this issue, and organizations like NIST and ETSI have been working on programs to find and choose post-quantum algorithms (PQAs) for years. We are also getting closer to a consensus on a set of algorithms that are likely quantum safe; the US National Security Agency (NSA) and the UK’s NCSC both support the use of enhanced public key cryptography, which uses PQA along with significantly larger keys.

The NCSC advises that most users adhere to traditional cyber security best practices and wait for the introduction of quantum-safe cryptography (QSC) technologies that meet NIST criteria. That might cause an issue for the IoT. Many IoT sensors may not be able to execute most of these upgraded QSC standards because they look to demand significant CPU capacity to deal with complex algorithms and long keys.

Therefore, until NIST releases its QSC standards, we won’t know if they comply with IoT limitations. There would be a gap in the official development of IoT QSC solutions if they didn’t. It might make sense to search elsewhere for further workable answers given how quickly this field is developing and how much innovation there is in it.

For instance, PQC algorithms with limited resource requirements can be useful for asymmetric cryptography. The IoT sector now favors symmetric cryptography as a low-power approach, but the challenge of surreptitiously giving the identical keys to each side still exists, and quantum advancements may increase the need for electricity. 

These include quantum key distribution (QKD), which establishes a key agreement utilizing the features of quantum mechanics rather than employing challenging mathematical problems that quantum computers can easily answer. The NCSC does not support QKD for any government or military applications since it requires specialized hardware and does not offer a simple method of establishing authentication.

SKA, or secure key agreement, is an additional choice. Some businesses are testing secure computational techniques for digitally generating symmetric keys among reliable endpoints. This kind of software-based, low-power capabilities presents an intriguing IoT alternative. However, despite the fact that this type of capacity is being independently verified, neither NIST nor ETSI are aware of this method.